CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5619

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1960%
EPSS Percentile14.31th
PublishedDec 17, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.

Affected Platforms (CPE)

πŸ“¦
Roundcube

Webmail

= 0.2.1
πŸ“¦
Roundcube

Webmail

= 0.2.3

References & Advisories

πŸ”— http://mahara.org/interaction/forum/topic.php?id=533
πŸ”— http://osvdb.org/53893
πŸ”— http://secunia.com/advisories/33145
πŸ”— http://secunia.com/advisories/33170
πŸ”— http://secunia.com/advisories/34789
πŸ”— http://sourceforge.net/forum/forum.php?forum_id=898542
πŸ”— http://trac.roundcube.net/changeset/2148
πŸ”— http://trac.roundcube.net/ticket/1485618

Related Vulnerabilities

CVE-2001-095310.0

Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is i...

CVE-2003-120210.0

The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via...

CVE-2001-002110.0

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate...

CVE-2003-119210.0

Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.